Author Topic: ===> False Positives <=== (Read 351377 times)

Tigzy · « **on:** October 20, 2014, 11:44:25 AM »

This is a common thread to report all false positives.
Please put the entire line of the text report, no screenshot as much as possible.

Thanks

VT.Unknown specific case:
VT.Unknown means the file was unknown on Virus Total, and normally it has been uploaded at the same time.
So, after the file is uploaded, it's analysed by Virus Total. It can take a few hours.

If you redo a scan later enough, there's a high chance that the Virus Total report is available.
RogueKiller will grab it and not see it as unknown anymore (and not flag it).
Then depending on the VirusTotal results, if it's malware it will be flagged and you will see a VT.Something detection.

So, please when you see a VT.Unknown detection, it's because the file is quite new on the web.
Be patient, and redo a scan an hour later to check if it has changed. You can also upload it on VirusTotal by yourself to know if it's legit or not.

Irrelevant · « **Reply #1 on:** October 20, 2014, 02:20:49 PM »

Hello, are these false positives or is my computer infected ?

¤¤¤ Antirootkit : 34 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd2030c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd204034
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7fefe6f0680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7fefe6e9370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7fefe712e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7fefe707490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7fefe702a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7fefe70ea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7fefe71bf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7fefe6f3e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7fefe6e8284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7fefe6ed9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7fefe70ef20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7fefe70f1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7fefe703560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7fefe6f9980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7fefe809440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7fefe708e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7fefe708e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7fefe701314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\VERSION.dll @ 0x7fefc0a1b94
[IAT:Addr] (explorer.exe @ nvapi64.dll) SETUPAPI.dll - CM_Get_DevNode_Status_Ex : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd202fb4
[IAT:Addr] (explorer.exe @ nvapi64.dll) SETUPAPI.dll - CM_Reenumerate_DevNode : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd20cff0
[IAT:Addr] (explorer.exe @ nvapi64.dll) SETUPAPI.dll - CM_Get_Device_ID_ExW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd202d90
[IAT:Addr] (explorer.exe @ acppage.dll) sfc.dll - SfcIsFileProtected : C:\Windows\system32\sfc_os.DLL @ 0x7fef2a516f0

Tigzy · « **Reply #2 on:** October 20, 2014, 05:21:00 PM »

Hello
Yes, they are already fixed and waiting for the next release

davec · « **Reply #3 on:** October 22, 2014, 06:20:13 AM »

Are these also all false positives?

? TIA for your consideration.

¤¤¤ Antirootkit : 108 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x806f0000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x80720000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x80580000
[IAT:Addr] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x80580000
[IAT:Addr] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd4430c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd444034
[IAT:Addr] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x806f0000
[IAT:Addr] (explorer.exe @ guard64.dll) ntdll.dll - ZwCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x806f0000
[IAT:Addr] (explorer.exe @ authui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff380680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39ea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3a2e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff397490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff3abf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff378284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff379370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff37d9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff39ef20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39f1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff393560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff389980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff383e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7feff499440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff398e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff398e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff392a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff391314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\VERSION.dll @ 0x7fefd0b1b94
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff398e70
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoWaitForMultipleHandles : C:\Windows\system32\ole32.dll @ 0x7feff49a1a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff393560
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff398e20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CreateStreamOnHGlobal : C:\Windows\system32\ole32.dll @ 0x7feff455fb0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff3abf00
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff397490
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoDisconnectObject : C:\Windows\system32\ole32.dll @ 0x7feff378420
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstanceEx : C:\Windows\system32\ole32.dll @ 0x7feff37de90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetCurrentLogicalThreadId : C:\Windows\system32\ole32.dll @ 0x7feff371d60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff391314
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetObjectContext : C:\Windows\system32\ole32.dll @ 0x7feff38c920
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff392a30
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterThreadInterfaceInStream : C:\Windows\system32\ole32.dll @ 0x7feff4c3f90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff389980
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff379370
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - IIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff378d18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff37ad64
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff3963a8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoReleaseMarshalData : C:\Windows\system32\ole32.dll @ 0x7feff375da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetApartmentType : C:\Windows\system32\ole32.dll @ 0x7feff396cf0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - GetHGlobalFromStream : C:\Windows\system32\ole32.dll @ 0x7feff439d20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39f1ac
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - ProgIDFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff4bf850
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff380680
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3787e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff378284
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateFreeThreadedMarshaler : C:\Windows\system32\ole32.dll @ 0x7feff3a2c60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetInterfaceAndReleaseStream : C:\Windows\system32\ole32.dll @ 0x7feff4ca130
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterMessageFilter : C:\Windows\system32\ole32.dll @ 0x7feff38ca98
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMalloc : C:\Windows\system32\ole32.dll @ 0x7feff393540
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3a2e18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39ea20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantClear : C:\Windows\system32\ole32.dll @ 0x7feff396da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantCopy : C:\Windows\system32\ole32.dll @ 0x7feff4730a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff383e90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff39ef20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3740c0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff37d9d0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeSecurity : C:\Windows\system32\ole32.dll @ 0x7feff388220
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevertToSelf : C:\Windows\system32\ole32.dll @ 0x7feff375a58
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoImpersonateClient : C:\Windows\system32\ole32.dll @ 0x7feff375a14
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ AVRT.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x80640000
[IAT:Addr] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ bcryptprimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000

Shola · « **Reply #4 on:** October 22, 2014, 07:21:37 AM »

My report, I'm still getting redirect virus even though none of the anti virus I've downloaded are finding anything

RogueKiller V10.0.2.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Administrator]
Mode : Scan -- Date : 10/22/2014 12:17:54

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

¤¤¤ Antirootkit : 75 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefda230c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefda24034
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff8bef20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff8b3560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff8a9980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff89d9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff8a3e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bf1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff899370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff8b2a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff8b8e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff8cbf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff898284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff8a0680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8c2e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff8b7490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff8b8e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff8b1314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7feff9b9440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\version.DLL @ 0x7fefc781b94
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff8b8e70
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoWaitForMultipleHandles : C:\Windows\system32\ole32.dll @ 0x7feff9ba1a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff8b3560
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff8b8e20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CreateStreamOnHGlobal : C:\Windows\system32\ole32.dll @ 0x7feff975fb0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff8cbf00
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff8b7490
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoDisconnectObject : C:\Windows\system32\ole32.dll @ 0x7feff898420
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstanceEx : C:\Windows\system32\ole32.dll @ 0x7feff89de90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetCurrentLogicalThreadId : C:\Windows\system32\ole32.dll @ 0x7feff891d60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff8b1314
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetObjectContext : C:\Windows\system32\ole32.dll @ 0x7feff8ac920
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff8b2a30
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterThreadInterfaceInStream : C:\Windows\system32\ole32.dll @ 0x7feff9e3f90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff8a9980
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff899370
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - IIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff898d18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff89ad64
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff8b63a8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoReleaseMarshalData : C:\Windows\system32\ole32.dll @ 0x7feff895da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetApartmentType : C:\Windows\system32\ole32.dll @ 0x7feff8b6cf0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - GetHGlobalFromStream : C:\Windows\system32\ole32.dll @ 0x7feff959d20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bf1ac
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - ProgIDFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff9df850
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff8a0680
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8987e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff898284
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateFreeThreadedMarshaler : C:\Windows\system32\ole32.dll @ 0x7feff8c2c60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetInterfaceAndReleaseStream : C:\Windows\system32\ole32.dll @ 0x7feff9ea130
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterMessageFilter : C:\Windows\system32\ole32.dll @ 0x7feff8aca98
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMalloc : C:\Windows\system32\ole32.dll @ 0x7feff8b3540
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8c2e18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bea20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantClear : C:\Windows\system32\ole32.dll @ 0x7feff8b6da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantCopy : C:\Windows\system32\ole32.dll @ 0x7feff9930a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff8a3e90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff8bef20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8940c0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff89d9d0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeSecurity : C:\Windows\system32\ole32.dll @ 0x7feff8a8220
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevertToSelf : C:\Windows\system32\ole32.dll @ 0x7feff895a58
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoImpersonateClient : C:\Windows\system32\ole32.dll @ 0x7feff895a14
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EARX-22N0YB0 +++++
--- User ---
[MBR] 10f00f4bc6194841d91ecd066bf1c8d3
[BSP] 388aac444daf538198df578a2d4fadbb : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 205001 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 419842710 | Size: 743218 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Apacer AC203 USB Device +++++
--- User ---
[MBR] b711af9ead283f324f04ee82c252b1ad
[BSP] 4727881d2de01fb0fadbfc2b65e21c88 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_10212014_142034.log - RKreport_DEL_10212014_142109.log - RKreport_DEL_10212014_142136.log - RKreport_DEL_10212014_142541.log
RKreport_DEL_10212014_142556.log - RKreport_SCN_10212014_140633.log - RKreport_SCN_10212014_142451.log

Tigzy · « **Reply #5 on:** October 22, 2014, 11:07:42 AM »

Please pay attention to what is above you when you post

Those lines are already reported, and are on their path to the new version.

davec · « **Reply #6 on:** October 23, 2014, 12:17:41 AM »

Tigzy......

Please RE-READ what was sent. The items ARE different. If providing a courteous response isn't within your capabilities, do something else. All you had to say was "Those lines are already reported, and are on their path to the new version."

Tigzy · « **Reply #7 on:** October 23, 2014, 02:56:17 PM »

Was not just for you davec.

The same lines are :

Quote

C:\Windows\system32\ole32.dll
C:\Windows\system32\VERSION.dll
C:\Windows\system32\CFGMGR32.dll

Unknown modules cannot be treated.
Sorry for the rude answer, but yes they are the same

ROUGEXIII · « **Reply #8 on:** October 26, 2014, 05:11:40 PM »

Hi,

I dont know if they are already given as false positive or if they are true positive:

Quote

¤¤¤ Antirootkit : 4 (Driver: Chargé) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\kbdclass.sys - IRP_MJ_READ[3] : C:\WINDOWS\system32\DRIVERS\ETD.sys @ 0xb8cc0232
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Reenumerate_DevNode : C:\WINDOWS\system32\SETUPAPI.dll @ 0x779526a5
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Get_DevNode_Status : C:\WINDOWS\system32\SETUPAPI.dll @ 0x778ec6eb
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Get_Parent : C:\WINDOWS\system32\SETUPAPI.dll @ 0x77957a5d

Thanks for help

Tigzy · « **Reply #9 on:** October 27, 2014, 08:36:41 AM »

Thanks, I've added them when I saw your forum thread

Aceinthewhatever · « **Reply #10 on:** October 29, 2014, 08:06:56 AM »

Hi, I recently downloaded AVG and on the first scan it told me I had rootkit, which eventually led me here. Anyways, I don't know much about this kind of stuff, so here my results from the scan:

¤¤¤ Processes : 5 ¤¤¤
[Suspicious.Path] HostAppServiceUpdater.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[7] -> Killed [TermProc]
[Suspicious.Path] HostAppService.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Killed [TermProc]
[Suspicious.Path] HostAppService.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Killed [TermThr]
[Suspicious.Path] StartMenuIndexer.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\StartMenuIndexer.exe[7] -> Killed [TermProc]
[PUP] (SVC) vToolbarUpdater18.1.10 -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe[7] -> Stopped

¤¤¤ Registry : 14 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\BC234_000\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\BC234_000\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.10 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.10 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLClose : C:\Windows\SYSTEM32\sppc.dll @ 0x7ffa1b59566c
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLOpen : C:\Windows\SYSTEM32\sppc.dll @ 0x7ffa1b5978e8
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-core-winrt-robuffer-l1-1-0.dll - RoGetBufferMarshaler : C:\Windows\System32\WinTypes.dll @ 0x7ffa0d55bf60

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-22JC3T0 +++++
--- User ---
[MBR] 4eb748eb2bad407088f7494c6ed510e9
[BSP] 4602f267e28c59160c125920bff66dfd : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_10292014_022328.log - RKreport_SCN_10292014_024954.log

Thanks for the help

Tigzy · « **Reply #11 on:** October 29, 2014, 08:42:56 AM »

Thanks, that's already added

Aceinthewhatever · « **Reply #12 on:** October 29, 2014, 09:14:17 AM »

Oh, sorry, I think I posted in the wrong thread, I thought this was for asking if results were false positives or not, my bad. I really have no clue if these are false positives or not, so I was hoping if you guys could enlighten me.

Tigzy · « **Reply #13 on:** October 29, 2014, 10:12:32 AM »

Mmh, well, for Rootkit section yes it is.
For the rest, it's adware (PUP) and shall be removed

patweb · « **Reply #14 on:** November 05, 2014, 08:51:12 PM »

SYSFER.DLL identified as rootkit (yellow).

This program is part of Symantec Endpoint Protection and Norton 360. I assume this is normal, and a false positive.

Log-

¤¤¤ Antirootkit : 218 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateUserProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39b85 (jmp 0xfffffffffdaf7e05)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74b39ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : C:\Windows\System32\SYSFER.DLL @ 0x74b39e55 (jmp 0xfffffffffdaf8675)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : C:\Windows\System32\SYSFER.DLL @ 0x74b39e55 (jmp 0xfffffffffdaf8675)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtRenameKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d65 (jmp 0xfffffffffdaf76d5)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74b39ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ CRYPTBASE.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtDeleteFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39bc1 (jmp 0xfffffffffdaf7dc1)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ CSCDLL.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ CSCAPI.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntshrui.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ srvcli.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ rsaenh.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ rsaenh.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtDeleteFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39bc1 (jmp 0xfffffffffdaf7dc1)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74b39ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (explorer.exe @ iertutil.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ WININET.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ WININET.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ ksuser.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ netutils.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ netshell.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ IPHLPAPI.DLL) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ dhcpcsvc.DLL) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ wkscli.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ sfc_os.DLL) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ DEVRTL.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ drprov.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ drprov.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntlanman.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntlanman.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ dfscli.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ browcli.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ browcli.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ wshtcpip.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ wship6.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ rasadhlp.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtCreateUserProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39b85 (jmp 0xfffffffffdaf7e05)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74b39ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : C:\Windows\System32\SYSFER.DLL @ 0x74b39e55 (jmp 0xfffffffffdaf8675)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (iexplore.exe @ USER32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (iexplore.exe @ USER32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (iexplore.exe @ USER32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (iexplore.exe @ USER32.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
(truncated too big)

Thanks, Pat

Author Topic: ===> False Positives <=== (Read 351377 times)

Tigzy

===> False Positives <===

Irrelevant

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

davec

Re: ===> False Positives <===

Shola

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

davec

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

ROUGEXIII

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

Aceinthewhatever

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

Aceinthewhatever

Re: ===> False Positives <===

Tigzy

Re: ===> False Positives <===

patweb

Re: ===> False Positives <===